Tuesday, January 24, 2012

Security issue with Joomla 1.6


Joomla is a well-known, widely used open source CMS. According to their website, 2.7 percent of the Web is running on Joomla. Its small download size, easy installation and easy-to-use interface make it a top choice for developing a website quickly. If you also add the fact that it runs on a PHP/MySQL environment and that it supports a wide variety of plugins, you can see why Joomla is so appreciated.

I have recently used Joomla for a website I was developing these past few months. I must say that if you are thinking of using it for deploying a website fast and easily, I would recommend it. However, it is my personal opinion that to get a great look and feel, as well as to add some more complex functionalities, you would need some basic CSS/HTML/PHP knowledge. For more complex functionalities you will sometimes actually need to go into the source code, which entails a good if not excellent understanding of PHP. The good part is that, being open source, there is detailed documentation as well as a large community which can help you if you run into any problems.

While I was working on the website I discovered a very interesting bug which turned out to be a very big security flaw. Note that this applies if you have more than one user with admin privileges or who can access the global configuration component in the administrator backend.